It appears to be coming from Malasya...It appears to be associated with some sort of cpanel hole (which seems to have been plugged by the latest upgrade you did...but I am not completely sure about that yet) This info comes from web searching for tembak and bindtty (which was another file in the tmp directory)

BOTH files are owned by "nobody" which implies that it was put there by apache and/or php...